12299137

Holistic Evaluation of Vulnerabilities in a Vulnerability Chain

Published: May 13, 2025
Assignee: not available in USPTO data we have

Patent Claims
20 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1. A computer-implemented method comprising: invoking a search of vulnerability chain data of a local database using a database query to obtain a search result, wherein the database query is formed, at least in part, using a set of tokens based on a phrase extracted from a description string associated with a new vulnerability, and wherein the search result comprises a plurality of linked vulnerabilities that collectively form a vulnerability chain; identifying a vulnerability characteristic of a linked vulnerability of the plurality of linked vulnerabilities in the vulnerability chain; generating, as a new vulnerability chain, a modified version of the vulnerability chain by appending the new vulnerability to the vulnerability chain; assigning an updated vulnerability score to the new vulnerability based at least in part on the identified vulnerability characteristic of the linked vulnerability, wherein the updated vulnerability score is computed using a level of emphasis associated with the identified vulnerability characteristic of each linked vulnerability of the plurality of the vulnerabilities in the vulnerability chain; and updating the local database to include the new vulnerability chain and the updated vulnerability score.

2. The computer-implemented method of claim 1, wherein the vulnerability chain comprises a directed graph that includes data nodes that represent vulnerabilities, and edges represent paths between vulnerabilities.

3. The computer-implemented method of claim 2, wherein the generating of the new vulnerability chain comprises adding a new data node to the directed graph representative of the new vulnerability and adding an edge to the directed graph defining a path between one of the data nodes and the new data node.

4. The computer-implemented method of claim 3, wherein the adding of the new data node comprises adding a new path from a source node of the directed graph to a target node of the directed graph.

5. The computer-implemented method of claim 2, wherein the generating of the new vulnerability chain comprises traversing nodes along the paths over directed links in the directed graph and determining one of the data nodes of the directed graph to link to a new data node that represents the new vulnerability.

6. The computer-implemented method of claim 1, further comprising: generating, based on the description string, the set of tokens of a database syntax, wherein the tokens are each matched to a respective fragment of the description string; and forming the database query using a sequence of the set of tokens.

7. The computer-implemented method of claim 6, wherein tokens in the set of tokens are each matched to a respective word of the phrase extracted from the description string.

8. The computer-implemented method of claim 1, further comprising: identifying the vulnerability characteristic of the new vulnerability; and assigning updated vulnerability scores to the linked vulnerabilities based at least in part on the identified vulnerability characteristic of the new vulnerability.

9. The computer-implemented method of claim 1, wherein the new vulnerability comprises a Common Vulnerabilities and Exposures (CVE) identifier string.

10. The computer-implemented method of claim 1, wherein the vulnerability score of the new vulnerability is a Common Vulnerability Scoring System (CVSS) score.

11. The computer-implemented method of claim 1, further comprising: receiving data indicative of the new vulnerability from the National Vulnerability Database (NVD).

12. The computer-implemented method of claim 1, wherein the vulnerability chain is representative of an attack pattern.
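
The method of claims 1 to 3 and 6 to 7, sketched end to end as an added example that is not code from the patent or its inventors. The SQLite schema, the stopword tokenizer, the emphasis values, the scoring formula and the `EX-` identifiers are all assumptions constructed for illustration.

```python
import re
import sqlite3

# Assumed emphasis level per vulnerability characteristic (illustrative values).
EMPHASIS = {"information_disclosure": 0.4, "privilege_escalation": 0.8,
            "remote_code_execution": 1.0}
STOPWORDS = {"the", "and", "via", "allows", "for", "with"}
NEW_DESC = "Improper input validation in the web admin panel allows command execution"

def tokens_from_description(description):
    """Turn the words of the description phrase into query tokens."""
    words = re.findall(r"[a-z0-9]+", description.lower())
    return [w for w in words if len(w) > 2 and w not in STOPWORDS]

def build_db():
    """Constructed local database: chains stored as nodes plus directed edges."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE vuln(id TEXT PRIMARY KEY, chain TEXT, description TEXT,
                          characteristic TEXT, score REAL);
        CREATE TABLE edge(src TEXT, dst TEXT);""")
    db.executemany("INSERT INTO vuln VALUES (?,?,?,?,?)", [
        ("EX-0001", "chain-1", "Information disclosure in web admin panel exposes session tokens", "information_disclosure", 5.3),
        ("EX-0002", "chain-1", "Privilege escalation in web admin panel via session reuse", "privilege_escalation", 7.8),
        ("EX-0003", "chain-2", "Buffer overflow in print spooler service", "remote_code_execution", 9.8)])
    db.execute("INSERT INTO edge VALUES ('EX-0001', 'EX-0002')")
    return db

def find_chain(db, tokens):
    """Form a parameterized query from the tokens; return the best-matching chain."""
    if not tokens:
        return None
    where = " OR ".join("description LIKE ?" for _ in tokens)
    row = db.execute(
        f"SELECT chain, COUNT(*) AS hits FROM vuln WHERE {where} "
        "GROUP BY chain ORDER BY hits DESC LIMIT 1",
        [f"%{t}%" for t in tokens]).fetchone()
    return row[0] if row else None

def append_and_rescore(db, chain, new_id, description, characteristic, base_score):
    """Append the new node at the chain's tail and rescore it from the linked nodes."""
    linked = [c for (c,) in db.execute(
        "SELECT characteristic FROM vuln WHERE chain = ?", (chain,))]
    tail = db.execute("SELECT id FROM vuln WHERE chain = ? AND id NOT IN "
                      "(SELECT src FROM edge)", (chain,)).fetchone()[0]
    # Assumed formula: the mean emphasis of the linked vulnerabilities closes
    # that fraction of the gap between the base score and the 10.0 maximum.
    weight = sum(EMPHASIS.get(c, 0.0) for c in linked) / len(linked)
    updated = round(min(10.0, base_score + weight * (10.0 - base_score)), 1)
    db.execute("INSERT INTO vuln VALUES (?,?,?,?,?)",
               (new_id, chain, description, characteristic, updated))
    db.execute("INSERT INTO edge VALUES (?, ?)", (tail, new_id))
    db.commit()
    return tail, updated
```
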

13. A computer program product comprising one or more computer readable storage media, and program instructions collectively stored on the one or more computer readable storage media, the program instructions executable by a processor to cause the processor to perform operations comprising: invoking a search of vulnerability chain data of a local database using a database query to obtain a search result, wherein the database query is formed, at least in part, using a set of tokens based on a phrase extracted from a description string associated with a new vulnerability, and wherein the search result comprises a plurality of linked vulnerabilities that collectively form a vulnerability chain; identifying a vulnerability characteristic of a linked vulnerability of the plurality of linked vulnerabilities in the vulnerability chain; generating, as a new vulnerability chain, a modified version of the vulnerability chain by appending the new vulnerability to the vulnerability chain; assigning an updated vulnerability score to the new vulnerability based at least in part on the identified vulnerability characteristic of the linked vulnerability, wherein the updated vulnerability score is computed using a level of emphasis associated with the identified vulnerability characteristic; and updating the local database to include the new vulnerability chain and the updated vulnerability score.

14. The computer program product of claim 13, wherein the stored program instructions are stored in a computer readable storage device in a data processing system, and wherein the stored program instructions are transferred over a network from a remote data processing system.

15. The computer program product of claim 13, wherein the stored program instructions are stored in a computer readable storage device in a server data processing system, and wherein the stored program instructions are downloaded in response to a request over a network to a remote data processing system for use in a computer readable storage device associated with the remote data processing system, further comprising: program instructions to meter use of the program instructions associated with the request; and program instructions to generate an invoice based on the metered use.

16. The computer program product of claim 13, wherein the operations further comprise: identifying the vulnerability characteristic of the new vulnerability; and assigning updated vulnerability scores to the linked vulnerabilities based at least in part on the identified vulnerability characteristic of the new vulnerability.

17. The computer program product of claim 13, wherein the vulnerability chain comprises a directed graph that includes data nodes that represent vulnerabilities, and edges represent paths between vulnerabilities.

18. A computer system comprising a processor and one or more computer readable storage media, and program instructions collectively stored on the one or more computer readable storage media, the program instructions executable by the processor to cause the processor to perform operations comprising: invoking a search of vulnerability chain data of a local database using a database query to obtain a search result, wherein the database query is formed, at least in part, using a set of tokens based on a phrase extracted from a description string associated with a new vulnerability, and wherein the search result comprises a plurality of linked vulnerabilities that collectively form a vulnerability chain; identifying a vulnerability characteristic of a linked vulnerability of the plurality of linked vulnerabilities in the vulnerability chain; generating, as a new vulnerability chain, a modified version of the vulnerability chain by appending the new vulnerability to the vulnerability chain; assigning an updated vulnerability score to the new vulnerability based at least in part on the identified vulnerability characteristic of the linked vulnerability, wherein the updated vulnerability score is computed using a level of emphasis associated with the identified vulnerability characteristic; and updating the local database to include the new vulnerability chain and the updated vulnerability score.

19. The computer system of claim 18, wherein the operations further comprise: identifying the vulnerability characteristic of the new vulnerability; and assigning updated vulnerability scores to the linked vulnerabilities based at least in part on the identified vulnerability characteristic of the new vulnerability.

20. The computer system of claim 18, wherein the vulnerability chain comprises a directed graph that includes data nodes that represent vulnerabilities, and edges represent paths between vulnerabilities.

Patent Metadata

Filing Date: Unknown
Publication Date: May 13, 2025
Inventors: Nikki Elyse Robinson, Leigh Chase, Efran Himel, Carter Hottovy


Cite as: Patentable. “HOLISTIC EVALUATION OF VULNERABILITIES IN A VULNERABILITY CHAIN” (12299137). https://patentable.app/patents/12299137
